Welcome to Cracking Tutorial #78!

Hiya guys, sorry for the delays, I was busy with coding and all that, and still no phone at home... Ah well, I'm proud to present tKC's Cracking Tutorial 2000! It's a faster, better viewer, and it can read the old *.tKC files too. You can also view *.NFO or *.TXT files with it. It has many features, e.g. change colours, load skins, print etc. You can find it at http://www.crackersinaction.org... enjoy it! Here's tut78.tKC...

OK, let's rave! ...or crack, babes? :)

You'll need the following tools (I use these tools and assume you'll use them too, but that doesn't mean you'll need all of them; just have them handy for the examples in this tutorial):

SoftICE v4.05
W32Dasm v8.93
Hacker's View v6.40
SmartCheck v6.03
ProcDump32 v1.6.2
Windows Commander v4.03 (I use it because it makes multitasking easier)
Delphi, VB, C++, or TASM to code a keygen or a patch.

Don't ask me where to download all these tools, since you had a chance to get them when you used my older tutorials. Here are a few good sites where you can grab tools from:

http://protools.cjb.net
http://w3.to/protools
http://www.crackstore.com

or ask any cracker to get you these tools! Are you ready?! OK! ;)

*** iNLiNE pATCHiNG A pROGRAM pACKED WiTH ASProtect - by Predator [PC/MFD] - April 26, 2000 ***

Oh yes, it can be done! And in this text I will try to explain how. First of all let me tell you that the creator of this packer is quite smart (yet not smart enough), and it took me a lot of time before I finally came up with this. Greetings go to R!SC for setting me on the right track when I was lost; I finished the thing quickly after that.

ASProtect is a modified version of ASPack (same creator) and it features a high compression ratio, CRC checking and SoftICE detection (hehe... and the SoftICE detection is something we will gladly use in this tutorial).
Normally, if you want to inline memory-patch a target (see R!SC's excellent tutorials about it if you don't know what that means or how to do it), you can easily overwrite some code in the file and make it jump to your patch. The problem with ASProtect is that it uses 4 relocating layers. My first idea for a patch was to let the program patch all the layers in memory one after another, but you'd end up with hours and hours of work, and it's questionable whether the patch would work on all the different Windows versions (different addressing in each version). No, that isn't a good solution.

Then I came up with the idea of using a timer, set at the very beginning of the program (the program entry point), that checks every millisecond whether the program is unpacked: if yes, patch and disable the timer, else just go on. Well, I tried, but that didn't work. The first time the timer function runs is after the program is already launched and the nags show up and such... so by then it's too late to patch.

Next idea: let's hook some API the unpacking procedures use and point it at our patch code. Forget it, it won't work, since every layer has a new address pointing to the API and so on... So what is left? What the fuck can we do about this damn ASProtect?

You'll be amazed at how easy it can be to inline mempatch a program packed with it. R!SC told me the following: the REAL program entry point of the file is hard-coded in the exe file that is on your hard disk. This means you could overwrite the address of the PEP with the address of your patch function, and in the patch function, after patching, jump to the PEP. But there's still the CRC check. He said he wasn't sure if it was hard-coded as well -> IT IS! So what have we got here? This is our approach:

1. Change the program entry point in the file (with your hex editor) to the address of your patch function.
2.
The patch function will do this: patch the program, then jump to the real program entry point.
3. Launch the program, grab the NEW CRC (after the patches to the file have been made) and write it to the file again so it's updated.

And yes, this works!

Target: Awave Studio v7.0
Target URL: http://www.fmjsoft.com/download/awave70.zip (about 670 kb)
Protection: NAGS and such (we'll just disable the nag) + packed with ASProtect

OK girls, here we go ;>

First of all, let's gather some information we need. We need, first of all, the real program entry point, and we have to make the program go to the address of our patch instead. If you run Awave, you'll see there's a SoftICE detection. Enter SoftICE -> bpx _lopen. Run Awave again; you'll see there are 2 calls to _lopen. Play with those 2 jumps and the SoftICE check is history.

OK, now we're already close to the program entry point. Hit F12 three times, and then start tracing with F10. At a certain point (watch carefully) you'll see that EAX=004A71E7. The program does a PUSH EAX and then a RET. This means it will just go to the program entry point; ASProtect isn't doing anything anymore and the program just runs. Well, our program entry point is 4A71E7.

Let's search for that with our hex editor in awave.exe! You'll quickly notice that if you search for the bytes 4A71E7 you won't find them. Remember, you've got to use reverse (little-endian) order? Search for: E7 71 4A... holy crap, still nothing found. Hehe... the thing is, the file stores the program entry point minus the image base (which is almost always 400000), i.e. an RVA, so what is left is 4A71E7 - 400000 = A71E7. Then we still have to use reverse order, so this is what we are going to search for (and you'll find it this time): E7 71 0A. This is the AddressOfEntryPoint field of the PE optional header, so there is exactly one place where it belongs; if your search finds the same three bytes more than once, make sure you are editing the one inside the PE header. Fear!

Now we can change that to the location of our patch code. I use offset 320 (which will be VA 400320, since the PE header is mapped at the same offsets it has in the file). So we replace the bytes E7 71 0A with: 20 03 00. Now, if you run the program, it will go to the address 400320 instead of the program's real entry point! So what we do next: put the patch at offset 320.
I won't explain how to remove the nag screen, but I found it very quickly: NOP 2 bytes at address 4644D9. My patch at offset 320 looks like this (in HIEW):

00000320: 66C705D94446009090   mov w,[0004644D9],09090   <-- patch the program
00000329: 68E7714A00           push 0004A71E7            <-- push the real program entry point
0000032E: C3                   retn                      <-- return to the real program entry point

OK, so what we have now is this. If you run the program (imagine there isn't a CRC check for now), ASProtect will do its work, unpacking and so on, and eventually it will jump to our patch instead of the program entry point. The patch does its work on the program code and then goes to the program entry point as if nothing happened.

As I said, imagine there is no CRC check. Because there is, we've got to defeat that too. If you ran the program now, the CRC check would kick you in the nuts :> As said before, the CRC is also hard-coded in the exe file. So, we've got to find the comparison between the current CRC and the CRC the file -should- have, and then write the current CRC to the file (replacing the old one). Then we are home free and we have defeated ASProtect!

OK, you're wondering now where the fuck you'd find the CRC check. Well, again enter SoftICE and type bpx _lopen. Run Awave, and play with the flags to disable the SoftICE check. Press F12 only once and step a few times. You'll see a compare between EAX and [EBP-8] (if I'm not mistaken). The funny thing is that [EBP-8] holds the CRC the file should have, and EAX holds the CRC the file has now. Write them both down and exit SoftICE and Awave.

Hex-edit awave.exe again, and search for the bytes (in reverse order) of the original CRC. The original CRC = 767583A8, so we search for: A8 83 75 76. Hehe, it will be found. Then overwrite those bytes (don't forget that reverse order!) with the new CRC. For me, the new CRC was 53238D77, so we write: 77 8D 23 53 (these are the values for my copy; yours will differ). Exit HIEW. Now, because we don't want any crap at all, run FrogsICE so you don't have to manually disable the SoftICE check.
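The file-side part of the method above, as an added example: this is the editor's script, not Predator's, who did every step by hand in HIEW. It builds a constructed stand-in for awave.exe (a bare MZ/PE header carrying the tutorial's values: image base 400000, AddressOfEntryPoint A71E7, stored CRC 767583A8 planted at an arbitrary offset; it is not a runnable executable) and performs the three steps: redirect the entry point field to offset 320, write the stub, and swap the stored CRC for the new one. Two checks the HIEW byte search does not give you are included: the entry point field is located by parsing the PE header instead of searching for E7 71 0A, and the CRC replacement refuses to proceed if the old value occurs more than once in the file.

```python
import struct

# Values from the walkthrough (Predator's copy of awave.exe); yours will differ.
IMAGE_BASE = 0x400000
OEP_VA = 0x4A71E7          # real entry point seen in EAX before PUSH EAX / RET
STUB_FILE_OFFSET = 0x320   # header slack used for the stub; VA 0x400320
NAG_VA = 0x4644D9          # the two bytes NOPed to kill the nag
OLD_CRC = 0x767583A8       # value the file "should" have ([EBP-8])
NEW_CRC = 0x53238D77       # value computed over the patched file (EAX)


def build_fake_image():
    """Constructed stand-in for awave.exe: DOS stub, PE signature, COFF
    header, a PE32 optional header and a stored CRC in packer data.
    Only the fields this script touches are meaningful."""
    buf = bytearray(0x1000)
    buf[0:2] = b"MZ"
    e_lfanew = 0x80
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # IMAGE_FILE_HEADER: Machine=i386, 3 sections, SizeOfOptionalHeader=0xE0
    struct.pack_into("<HHIIIHH", buf, e_lfanew + 4, 0x14C, 3, 0, 0, 0, 0xE0, 0x010F)
    opt = e_lfanew + 4 + 20
    struct.pack_into("<H", buf, opt, 0x10B)                      # PE32 magic
    struct.pack_into("<I", buf, opt + 16, OEP_VA - IMAGE_BASE)   # AddressOfEntryPoint
    struct.pack_into("<I", buf, opt + 28, IMAGE_BASE)            # ImageBase
    struct.pack_into("<I", buf, 0x800, OLD_CRC)                  # packer's stored CRC
    return buf


def entry_point_field_offset(buf):
    """File offset of IMAGE_OPTIONAL_HEADER.AddressOfEntryPoint (a 4-byte RVA)."""
    if buf[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", buf, 0x3C)[0]
    if buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    return e_lfanew + 4 + 20 + 16


def read_entry_point(buf):
    return struct.unpack_from("<I", buf, entry_point_field_offset(buf))[0]


def redirect_entry_point(buf, new_rva):
    """Step 1: make the loader start at our stub. Returns the old RVA
    so the stub can jump back to it."""
    off = entry_point_field_offset(buf)
    old_rva = struct.unpack_from("<I", buf, off)[0]
    struct.pack_into("<I", buf, off, new_rva)
    return old_rva


def assemble_stub(nag_va, nag_word, oep_va):
    """Step 2: the three instructions typed into HIEW.
        mov word ptr [nag_va], nag_word   ; 66 C7 05 disp32 imm16
        push oep_va                       ; 68 imm32
        ret                               ; C3
    """
    return (b"\x66\xC7\x05" + struct.pack("<IH", nag_va, nag_word)
            + b"\x68" + struct.pack("<I", oep_va)
            + b"\xC3")


def write_stub(buf, offset, stub):
    """Header slack must be empty; refuse to overwrite anything else."""
    if any(buf[offset:offset + len(stub)]):
        raise ValueError("target bytes are not zero, choose another cave")
    buf[offset:offset + len(stub)] = stub


def replace_dword(buf, old, new):
    """Step 3: overwrite the stored CRC. Little-endian, so 767583A8 is the
    byte string A8 83 75 76. Requires exactly one occurrence: a value that
    appears twice cannot be patched blindly."""
    needle = struct.pack("<I", old)
    first = buf.find(needle)
    if first < 0 or buf.find(needle, first + 1) >= 0:
        raise ValueError("stored value missing or ambiguous")
    buf[first:first + 4] = struct.pack("<I", new)
    return first


def inline_patch(buf):
    """Steps 1 and 2 together; returns (old RVA, stub bytes)."""
    old_rva = redirect_entry_point(buf, STUB_FILE_OFFSET)  # in the header, RVA == file offset
    stub = assemble_stub(NAG_VA, 0x9090, IMAGE_BASE + old_rva)
    write_stub(buf, STUB_FILE_OFFSET, stub)
    return old_rva, stub


if __name__ == "__main__":
    image = build_fake_image()
    rva, stub = inline_patch(image)
    print(f"old entry RVA {rva:X}, stub {stub.hex().upper()}")
    # after running the patched file once and reading EAX at the compare:
    print(f"CRC patched at file offset {replace_dword(image, OLD_CRC, NEW_CRC):X}")
```

Step 3 still needs a live run: the new CRC only exists once the packer has computed it over the modified file, so read it from EAX at the compare and then call replace_dword with both values. Two caveats a practitioner should keep in mind: the stub writes into the program's code section, which works here because the unpacker has just written that section itself and leaves it writable when it hands off; a packer that restores read-only page protection first would need a VirtualProtect call in the stub. And file offset 320 is VA 400320 only because the header is mapped at its on-disk offsets, so the cave must lie inside SizeOfHeaders.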
Run Awave.exe: the program will run and it won't show the nag! You (or better said: we :) did it! Again, a ready-made protection bites the dust. I have to admit this one didn't go down that fast, but we all know there's nothing like an impossible-to-crack protection, and this quite proves it, I think :-)

Greetings: Well, I especially greet R!SC for putting me on the right path, but of course also all the people in Phrozen Crew and Manifest Destiny. I can't forget to mention the hardcore crackers in #cracking4newbies... furthermore all the people I hang out with on IRC, but I won't mention any names because the ones I accidentally forgot would kick me in the nuts for it ;> Hiyaz to all of you!

Signing off, Predator [PC/MFD]

Useful Tools in Cracking
by --..__J_o_h_n_n_y__A_U_M__..--

--------Motto for my actions:-------
I'm for peace, love and prosperity and one global nation, but without money to divide us and without ego, which keeps men separated! Be a man of good sense - be natural, be divine! Try to progress on the spiritual path! No God, no freedom! I'm against tyranny in any form, against worldwide Judeo-Masonic occult domination and against the infiltrated bad race of aliens! Out with Satan from this planet! Real happiness, freedom and liberty for all!
--------

Hi guys, the forces of the divine are back! I decided to write this tutorial about useful tools in cracking and helper tools, with the idea that it could be very useful, especially for beginners in cracking. Don't worry about this word - beginner - we are beginners in something all our lives! Before beginning the descriptions I wish to personally thank all the authors of these wonderful cracking tools, who put great effort, time and intelligence into producing such state-of-the-art programs! In fact, I need to thank everyone who has something to create and give to others to improve their lives and work (or passion)!
All these tools, or most of them, can be found on these sites:

http://protools.cjb.net
http://protools.hpage.net
http://w3.to/protools
http://www.suddendischarge.com
http://202.103.100.253/hambo/cracktools.html
http://www.crackstore.com/tools.htm

Or ask any advanced cracker to help you! In this tutorial I will not describe SoftICE, W32Dasm, SmartCheck, ProcDump or HIEW - these tools are detailed in older tuts! Now, Universal Pictures presents: THE TOOLS!

1. One of the most important tools after the ones named above, in my opinion, is a compare tool: RixComp 4.87 - my choice (site: http://www.radsoft.net). Soon you will have a tutorial on cracking and enhancing this fine tool (with the generosity and help of CIA & tKC, thanks a lot, guys!). I use this tool in combination with a DOS comparing tool - bfc.com (Binary File Compare). You can find these tools at www.geocities.com/john_aum/john_files/crk_tools.zip. I alternate RixComp with bfc.com (a DOS program) because bfc.com very quickly gives me the exact number of differences that exist, interesting, no?

(I've never seen this RixComp before, I'll grab it as soon as I get connected to the internet. Oh, by the way, I've released my lame FC2000 v1.00 today, with source code included; it's also a file compare tool :-) .....tKC)

2. A program badly needed after RixComp is one that automatically makes cracks in DOS and/or Windows - here are the 3 most used by me: for DOS - PatchIt 2.2 (very good with many differences); in Windows, but DOS style - Eliminator Patch Compiler 3.01 (by our beloved tKC, I love this man!); and for Windows - PatchMaker 0.99a. Of course, these programs make cracks by comparing your original_prg.exe and your_cracked_copy.exe files. Soon, if possible (thanks to CIA and tKC), I'll make a tutorial on improving PatchMaker 0.99a, because with the improvements made by me, working with this program becomes faster, and we wish to work faster, if possible.
And because the authors haven't come out with a new version, I'll do it, to help me & you. Beginners must note that for advanced cracks, like double or triple cracking (3 files in one move) or for modifying the Windows Registry, they must make their own cracks or search the web for more complex patchers.

(My latest Eliminator Patch Compiler v4.00 is available too, grab it .....tKC)

3. WinPatch 1.2.8 (from www.artistryinsoftware.com) is a great patcher (tKC uses this too) for patching a file or a group of files (updating them) even if the new files are bigger. Attention: when you patch, you must make 2 different subdirectories, one with the original file(s) and a second with the modified or bigger file(s). You need this proggie badly, so grab it now!

4. ConfigSafe 3.06.04 (or older versions)! You absolutely need this extraordinary tool! What can it do? WOW! Ha, ha, ha! It can do this: find any modification made to the structure and number of subdirectories or files, or in the Windows Registry - almost anything that moves on your HDD can be detected! This after installing new software, or after entering and exiting a program. The program will tell you where the days remaining in your trial period are being counted, and many other things about new entries in the registry or on the HDD. For me, even more extraordinary is that I've never seen this program recommended by crackers; maybe they are keeping it secret! The time of revelation has come - you can find the trial version of this program at: http://www.configsafe.com/html/demo.html. I'll tell you how to crack it in a coming tutorial (with the help and kindness of CIA and tKC).

(Hehe, I've never seen this ConfigSafe before; I normally use the RegMon and FileMon tools, quite useful too... I'll grab that tool to try it out, thanks .....tKC)

5. Registry Crawler 1.21-2.0 (http://4developers.com) - very useful when you need to find something very fast in the Windows Registry, or to go to the same addresses (bookmarks) many times. You must have it!

6.
File Info 2.30 - this program can identify many file types and can tell you what language an executable was built in, or whether it is encrypted or packed and with what software. It can tell you if a document is Word, txt, html or enhanced txt & many others, even with renamed extensions. One of the best around! Grab it!

7. DeShrink 1.6 - this program can deshrink (decompress) executables or binary files made with Shrinker 1.0 - 3.4 for you, so you can get access to the real code of the program with W32Dasm and/or HIEW to modify the bytes directly.

8. UnAspack 1.0.8.3 - this nice software can beautifully unpack any program packed with ASPack up to version 2000 & 2.1. You must have this!

9. UPX 0.xx-1.00 - a good compressor and decompressor for executables or binary files. All versions can be found at http://upx.tsx.org, or the newest at the sites above. An excellent packer and unpacker for DOS or Windows GUI programs. It's a must for a cracker!

10. Other important decryptors or unpackers: Bye PE-Crypt v1.02, UNP v4.11, UnArmadillo v1.1.1, PEunCompact v0.01 and many others. If you find an unknown crypter/packer, search for it on www.suddendischarge.com, for example. For packing your cracks (to make them smaller) use ASPack 2000 or 2.1, or UPX 1.00.

11. An interesting tool is Compare2Crack/486 v0.06b (c2c.com). This fine DOS tool will very quickly give you a list of all modifications (differences) between 2 executables or binary/dll files: the original and your cracked copy of it. The list is created as a txt file. Very useful sometimes!

12. Other fine tools: help2com, com2exe, exe2com, com2txt, Topo 1.2 (for adding a window at the beginning of a program), bat2exec, loupe.exe (for viewing details in a bmp or icon), htmstrip.exe (for converting an HTML file into a txt file), xdoc.com (for converting a txt file into a DOS exe), PRIVATE EXE 2.2 (put a password on your GUI exe file - see my tutorial in tKC tut no.
72), cracker.exe and/or pcracker.exe (cracking programs that apply the patches described in *.crk files), the old SoftICE 2.x-2.8 (DOS programs) and others.

13. GameTools 3.23 - a program with functions and a design similar to SoftICE; this program can help you a lot in debugging and cracking DOS games and software.

(Ah, I loved it, my favourite debugger in the good ol' DOS days ......tKC)

14. SuperSnooper for Windows - this nice proggie will show you only the text from an executable; you can download a similar (but DOS) program from my site: www.geocities.com/john_aum/john_files/crk_tools.zip. In the zip there are even more useful programs. Also take a look at my info at www.geocities.com/john_aum; all of it is there for you; be well informed and tell others!

15. Exescope 5.12, Restorator 2.50, Resource Grabber 2.42, Resource Hacker 2.3.0.2, Resource Scrutator 1.21, MultiRipper 2.70: all these are programs that quickly grab the resources from DOS and/or GUI (Windows) software, like icons, bmps, Delphi resources, jpgs, mods... You must have these excellent programs! And Exescope is one of the best! Decompress or decrypt first if necessary!

16. And of course you should get yourself programming languages to produce your own cracks in DOS or Windows: Turbo Pascal or Borland Pascal 7.0, Turbo C 2.0, Visual Basic 6.0, Delphi 5.0, MS Visual C++ and others. Search for them with the meta-engines www.profusion.com or www.metacrawler.com. Of course, this too: MASM32 5.0 or another ASM compiler for Windows. And learn ASM well!

17. I almost forgot! HEX Workshop 3.02 must be mentioned here too: a fine hex editor for exe & binary files (or any others). Nice functions: it can shorten or extend files, copy or replace fragments of files (an icon or a bmp, for instance, when Exescope can't). I've tested many hex editors, but this appears (in my opinion) to be the fastest & easiest! Of course, I alternate this program with Hacker's View, the best ASM & hex editor for crackers!

18.
If you use nfo files with your cracks, use NFO Builder 0.9b or a newer version to easily build your own nfo files (http://fnw.tsx.org).

In the end: all these fine tools mentioned in this tutorial (in my opinion - of course I'm subjective, everyone is) are among the most important in the everyday job of a cracker.

Cracking Chinese Horoscope 1.0 (newest version)
WWW: http://www.springsoft.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: expiry, some nags and disabled options
Tools: W32Dasm, Hacker's View, both backgrounded by Windows Commander 4.03

Although tKC tut no. 74 contains my tutorial on cracking Chinese Horoscope (the first version ever), now you can only download the 1.0 version from www.springsoft.com, so here you have, in short, how to crack this version. Due to lack of space, and because almost all the steps in cracking this software are the same as in tut 74, except for the new addresses where the bytes are modified, I won't give you details on how to crack these identical protections, only the final modifications (but you must practise if you wish to advance in cracking):

- first protection (copy enabled):   812D - 75 -> EB   (jne -> jmp)
- second protection (print enabled): 8357 - 75 -> EB   (jne -> jmp)
- third protection (beginning nag):  B647 - 55 -> C3   (push bp -> ret: the nag routine returns at once)

The new NAG protection added by the producer in this version will be explained by me in detail now.

- First, make a copy of chscope.exe -> y.exe and disassemble it with W32Dasm.
- Press ALT-S-F (search in W32Dasm) and look for words that appear in the error nag (after inputting dates) -> "You may only view people...". OK! We found the place where this nag is! Press PageUp and you see this call - USER.MESSAGEBEEP, yes? Above it is the conditional jump 75 03 (W32Dasm address 2.1347). We could make this 90 90 so it never shows us the nag, but we observe at 2.1331 - 74 03. If we make this instruction 90 90, the program will go faster to the right address, jmp 13F6 (2.133 & 2.1349), and will no longer process the other instructions up to 2.1347.
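The modifications in this walkthrough (the three listed above, and the je at 6E31 that the next paragraph arrives at) are one- or two-byte opcode changes at fixed file offsets: 75 -> EB turns a jne into an unconditional jmp, 55 -> C3 turns the first instruction of a routine (push bp/ebp) into ret so the whole routine returns immediately, and 74 03 -> 90 90 removes the je. As an added example (the editor's script, not the author's, who uses HIEW) here is a small applier for such lists. Each entry carries the bytes expected at the offset, so the script refuses to touch a file that is not the exact build the patch was made for, which is the usual way a blind "write EB at 812D" crack goes wrong; it also produces a bfc/crk-style difference listing. The target below is a constructed byte buffer with the text's offsets, not chscope.exe.

```python
# (file offset, bytes expected there, replacement, what it does)
CHSCOPE_PATCHES = [
    (0x812D, b"\x75", b"\xEB", "copy enabled: jne -> jmp"),
    (0x8357, b"\x75", b"\xEB", "print enabled: jne -> jmp"),
    (0xB647, b"\x55", b"\xC3", "start nag: push bp -> ret"),
    (0x6E31, b"\x74\x03", b"\x90\x90", "date nag: je +3 -> nop nop"),
]


def apply_patches(data, patches):
    """Return a patched copy of data. Every patch is verified before any is
    written, so either all of them apply or none does."""
    buf = bytearray(data)
    for off, old, new, note in patches:
        if len(old) != len(new):
            raise ValueError(f"{note}: patch would change the file length")
        found = bytes(buf[off:off + len(old)])
        if found != old:
            raise ValueError(f"{note}: expected {old.hex()} at {off:#x}, "
                             f"found {found.hex()}; wrong version?")
    for off, _, new, _ in patches:
        buf[off:off + len(new)] = new
    return bytes(buf)


def diff_bytes(original, patched):
    """Every differing byte, the way a binary file compare tool lists them."""
    if len(original) != len(patched):
        raise ValueError("files differ in length; a byte-for-byte diff is meaningless")
    return [(i, original[i], patched[i])
            for i in range(len(original)) if original[i] != patched[i]]


def crk_listing(filename, original, patched):
    """crk-style text: the file name, then one 'offset: old new' line per changed byte."""
    lines = [filename]
    for off, old, new in diff_bytes(original, patched):
        lines.append(f"{off:08X}: {old:02X} {new:02X}")
    return "\n".join(lines)


def make_sample_target(size=0xC000):
    """Constructed stand-in for chscope.exe: zeros, with the expected opcodes
    planted at the walkthrough's offsets."""
    buf = bytearray(size)
    for off, old, _, _ in CHSCOPE_PATCHES:
        buf[off:off + len(old)] = old
    return bytes(buf)


if __name__ == "__main__":
    original = make_sample_target()
    cracked = apply_patches(original, CHSCOPE_PATCHES)
    print(crk_listing("chscope.exe", original, cracked))
```

The "expected" bytes are what make such a list reusable: a patcher that only knows "EB at 812D" silently corrupts any other build of the program, while this one stops with a message saying what it found instead. The same applier handles the 55 -> C3 patches in the other tutorials of this issue. Keeping a difference listing next to the crack also lets you rebuild it later from the original and cracked copies with bfc.com, RixComp or diff_bytes above.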
So, let's make this je at HIEW address 6E31 -> 90 90. Bingo! Working just fine! The NAG is gone forever!

Now, exactly like in tutorial 74, delete jqlreg.ini (from c:\windows) and, with Windows Commander 4.03, set the year of the program's subdirectory from 2000 to 2050, for no expiry until the year 2050 (put any year you wish - 3000, for example).

----------------
Greets: tKC (my love too!), CIA, PC, CORE, all crackers, PRO or newbies, all cracker teams (keep going, we must liberate ourselves from the Judeo-Masonic tyranny, all must become free), we are great guys, and nice too. Love you all (but you must be a good soul!).

Romanian Greets: Greetings to all the crackers in Romania! If you truly want changes for the better, consider voting for the Romania Mare people too! They have shown by their deeds that they are loving, decent people! Better days await us, think optimistically, God is here with us!

At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is love!

Try this: www.geocities.com/john_aum - Incredible info for YOUR EYES ONLY!
E-mail: johnny_aum@yahoo.com
---------------Sorry if my English is not perfect!------------------------------

Cracking and enhancing RixComp 4.87 (beautiful file comparator)
Target: RixComp 4.87 (from Rix2k Extreme Power Tools)
WWW: www.geocities.com/john_aum/john_files/crk_tools.zip or old CDs (rix2k.exe)
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: splash, unregistered style and others
Tools: Exescope 5.12, Hacker's View and Windows Commander 4.03
I've decided to make a tutorial with this program to show you (beginners especially) how to make a clever and useful enhancement to a program. But remember: if you give someone a copy, give him the original copy & your crack, not a modified exe, because everyone has the right to have the shareware copy, and if your crack is bad, the person can restore the original shareware version (this is a cracker's law!). It is also best for you to keep your software this way, so you won't get dizzy looking for the originals!

We have 2 files here: rixcomp.exe (8704 bytes) & rix2k.dll (13824 bytes). Put both in a subdirectory, c:\x for example. We take a close look, and we observe: a) a RadSoft splash; b) when right-clicking on the title bar, About appears and we see "(Unregistered Product)" - two times; c) we will Exescope this program because we want RixComp to show us more differences (modifications) between 2 files.

1. Removing the splash. Make a copy of rix2k.dll -> rix2k.dlo (original). Yes, I found that the splash window is in rix2k.dll. How? Two ways. One, with Exescope in Resource -> Dialog -> 4 (our window); or from Windows Commander 4.03, if you press F3, you can see lower down "T h i s p r o g r a m...", words that are in the splash. (The letters look spaced out because the dialog text is stored as a wide, UTF-16 string: every character is followed by a 00 byte.) Now enter with HIEW. Press F7, write "p r o g" with 00 instead of 20 between the letters, and press Enter. We stop first on "m p u t e r p r o g r". Wrong text. Next. We stop again at address 2E24. This must be it. We do the 82 -> 7E trick at the address just above, 2E18. Bingo! Splash dissolved into infinity!

2. Now search & replace "(Unregistered Product)" with your name. You can do it on your own. Two times means that you could put your name and your company, or whatever you wish. Remember to center the words so they appear nicely in About (right-click on the title bar, you know). If you're lazy: addresses 2882 & 28CA.

3. Let's make RixComp show us more comparisons.
Enter rixcomp.exe with Exescope 5.12 (if you have the shareware version of Exescope 5.12, do 55 -> C3 at 83E4C for no limitations). Exescope -> Resource -> Dialog -> 1 - our window. Four main steps now: a) increase the size of the main window from the bottom right corner - down & right; b) move the first small white window somewhere under the icon frame; c) move the second small white window under the first small window; d) increase the size of the third big window (the comparison window) upward to reach the level of the "File 1" button, and then downward to reach near the frame of the main window. Now you can do the last operations for a pleasant & balanced design. In my archive - crk_tools.zip - you can find the file cmp.exe, my way of arranging RixComp (minimum resolution 800x600). OK, that's all! Enjoy this fine comparing tool, an absolute need for a cracker!

PS. The icon in RixComp (bottom right corner) is a window with some options. Click on it to see what this is about!

----------------
Greets: tKC (my love too!), CIA, PC, CORE, all crackers, PRO or newbies, all cracker teams (keep going, we must liberate ourselves from the Judeo-Masonic tyranny, all must become free), we are great guys, and nice too. Love you all (but you must be a good soul!).

Romanian Greets: Greetings to all the crackers in Romania! Go forward, better days await us, think optimistically, God is here with us! Soon, info about the Romanian Cracking Team at www.geocities.com/john_aum, bottom of the page.

At last, but from all my heart: I love you Heavenly Father, I know you are with me all the time! God is love!
E-mail: johnny_aum@yahoo.com
---------------Sorry if my English is not perfect!------------------------------

How to crack IconForge 4.6 (encrypted program)
Target: IconForge 4.6
WWW: http://www.cursorarts.com
Cracker: --..__J_o_h_n_n_y__A_U_M__..--
Protections to be removed: beginning nags, exit nag, expiry
Tools: DeShrink 1.6, W32Dasm, Hacker's View, Windows Commander 4.03, MultiRipper 2.70 & ConfigSafe 3.06.04

*** In this tutorial there are some novel approaches to cracking!

IconForge 4.6 is a tool with many capabilities in icon technology: it can build an icon from scratch, import from bmps or the clipboard, change resolutions, reverse or apply other effects, build cursors (*.ani files), and many other things. The other tools in the IconForge 4.6 suite are also good. I was conquered by the many possibilities offered by this software. But I was surprised by the fact that I never found a crack for it anywhere on the web at the time I was searching (on many crack engines or crack web pages), and the serials that I found were not working at all; that's because the serial is personalised to each PC, which those crackers should have noticed. If someone can pick a valid serial for IconForge 4.6, I ask him nicely to make a detailed tutorial (using SoftICE) and send it to tKC. Because I was not so advanced in ASM, I was not able to do it in a useful time and I gave up. So, let's kill this forge my way!
(MFD has released a valid serial for v4.5; however, I don't have v4.6 yet. I'll try to find the latest version and write a tutorial as soon as possible, OK? .....tKC)

1. First step (my usual): look at the header of the file - words like shrink1, shrink34.ldr... It's clear, it's packed with Shrinker 3.4. We can verify this with File Info 2.20. Let's see. I was right, yes.

2. Unpack IconForge.Exe with DeShrink 1.6 (thanks to job, great guy). Enable the option "unpack Shrinker 3.4" first, decompress... yes, the new file if.exe has 3229696 bytes. If you're wondering (beginners) how to unpack: browse with the left browse button & select IconForge.Exe (in DeShrink 1.6), on the right press browse and write if.exe, press Save and then press Decompress. OK!

3. Now delete the old IconForge.Exe (we don't need it anymore), rename if.exe -> IconForge.Exe and disassemble this unpacked file with W32Dasm. OK, make a copy y.exe for cracking. Enter the program and look for protections. We observe 2 nags, one after the other, then in yellow on maroon it is written how many days of trial we have left. On exiting we observe the last nag, the bmp with a face that recommends registering the program. Exactly, my dear! We will register very soon, one way or another!

4. The first 2 nags. We look in W32Dasm for words from them (because in this lucky case we have some text in W32Dasm), like... "day trial" (title bar of the second nag). Search for these words; this looks like the only clue. Bingo! One million bucks for JA! Me, I mean! At W32Dasm address 57219C we found something. From the String Ref window "of your 30 day trial" can also be found, same thing. We try first to cancel the whole call, so at the W32Dasm address above, 57212C, there is 55 (push ebp, the start of the routine). Let's try 55 -> C3 (load y.exe in HIEW at 17212C, the file offset W32Dasm shows for that address). Bingo on the first try! God, I need a bingo in my real life too, come on! Give it to me next Sunday!

5. Next. The end nag with the old face! Boo! Disappear now, too old to stay around! At his age maybe they'll send him home, right? Right!
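Step 5 below cancels the exit-nag bitmap with what the author calls the 28 -> 29 trick. Here is what that byte is, as an added example (the editor's code, not the author's): a Windows bitmap begins with the 14-byte BITMAPFILEHEADER ("BM", file size, two reserved words, offset of the pixel data) followed by the BITMAPINFOHEADER, whose first dword, biSize, is 40 (0x28). Address 2ACC72 in the text is exactly 14 bytes past 2ACC64, the "BM" signature, so the trick writes 0x29 over biSize; a loader that validates the header then rejects the bitmap and the nag is never drawn, while the exe is otherwise untouched. The script locates embedded bitmaps by that header, validates them, and applies the trick to one. The bitmap is a constructed 2x2 24-bit image, not IconForge's.

```python
import struct

FILE_HEADER = struct.Struct("<2sIHHI")        # bfType, bfSize, reserved x2, bfOffBits
INFO_HEADER = struct.Struct("<IiiHHIIiiII")   # biSize ... biClrImportant (40 bytes)
BISIZE_OFFSET = FILE_HEADER.size             # 14: where the 0x28 lives


def make_sample_bmp(width=2, height=2):
    """Constructed 24-bit bitmap (solid red), rows padded to 4 bytes."""
    row = width * 3
    stride = (row + 3) & ~3
    pixels = b"".join(b"\x00\x00\xff" * width + b"\x00" * (stride - row)
                      for _ in range(height))
    info = INFO_HEADER.pack(40, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    header = FILE_HEADER.pack(b"BM", FILE_HEADER.size + len(info) + len(pixels),
                              0, 0, FILE_HEADER.size + len(info))
    return header + info + pixels


def bitmap_is_valid(buf, off):
    """The checks a loader makes before touching the pixels."""
    try:
        magic, size, _, _, pix_off = FILE_HEADER.unpack_from(buf, off)
        bisize = struct.unpack_from("<I", buf, off + BISIZE_OFFSET)[0]
    except struct.error:
        return False
    return (magic == b"BM" and bisize == INFO_HEADER.size
            and pix_off == FILE_HEADER.size + INFO_HEADER.size
            and off + size <= len(buf))


def find_bitmaps(buf):
    """Offsets of every embedded bitmap that currently passes bitmap_is_valid
    (what MultiRipper does for you, in miniature)."""
    hits, i = [], buf.find(b"BM")
    while i >= 0:
        if bitmap_is_valid(buf, i):
            hits.append(i)
        i = buf.find(b"BM", i + 1)
    return hits


def disable_bitmap(data, off):
    """The 28 -> 29 trick: corrupt biSize so the loader refuses the image.
    Returns a patched copy; the file length is unchanged."""
    buf = bytearray(data)
    if not bitmap_is_valid(buf, off):
        raise ValueError(f"no valid bitmap at {off:#x}")
    buf[off + BISIZE_OFFSET] = 0x29
    return bytes(buf)


def make_sample_exe():
    """Constructed stand-in for y.exe: some code bytes with two bitmaps embedded."""
    bmp = make_sample_bmp()
    return b"\x55\x8b\xec\x83\xc4\xf0" * 32 + bmp + b"\x00" * 64 + bmp


if __name__ == "__main__":
    exe = make_sample_exe()
    for off in find_bitmaps(exe):
        print(f"bitmap at {off:#x}, biSize byte at {off + BISIZE_OFFSET:#x}")
    nag = find_bitmaps(exe)[-1]
    patched = disable_bitmap(exe, nag)
    print("still valid after the trick:", bitmap_is_valid(patched, nag))
```

The same header is the signature to search for when a resource grabber cannot find an image: "BM" followed fourteen bytes later by 28 00 00 00. Because only one byte changes and the length stays the same, the crack can be expressed as a single-line difference like the other patches in this issue.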
If you haven't noticed that this exe is in Delphi, you know now. So, I can try my tricks! The one that cancels the display of bmps works sometimes (my 28 -> 29 trick; the same thing works for cancelling icons). 2ACC64. What?! Yes, this is the start of the face from the end nag (bmp). Good, good, but how, my friend? You want to know? Simple: with MultiRipper 2.70 I extracted all the bmps and recognised that face, then in HIEW I searched y.exe for a string from the start of the bmp, and, like I said, the beginning address is 2ACC64. And my 28 -> 29 trick starts from 2ACC72. (2ACC72 is 14 bytes past the "BM" signature, i.e. the first byte of the BITMAPINFOHEADER's biSize field, which is 40 = 0x28; with 0x29 there the bitmap is no longer a valid image, so nothing gets drawn.) Let's cancel the bmp! So, at address 2ACC72 replace 28 with 29 and test! Works beautifully, beautifully, my lovely friend! Remember this trick, it can help you sometimes! Finally the old guy has left the party, is gone, dead, buried! So long, auf Wiedersehen!

6. Again next. Hey, (?#!) what the f... is happening? Incredible, a cat is on my screen! What?! Ahaa... lemme see, a screenmate was just activated by mistake when I was running over my keyboard with turbo fingers, at the same time as it was raining so many kinds of screens on my monitor (W32Dasm, WC 4.03, HIEW, etc.)! Reconnect now! We still have 2 problems: the text in the title bar (...trial) and expiry in 30 days! Well, nice! I used ConfigSafe to quickly see, from one day to the next, what changes appear in the Registry or elsewhere! Only one change, detailed in the following reg file. So, make a reg file named if.reg with this inside:

--cut here without this line--------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A6421B4F-3D7C-602C-1543-7D453980F32A}\defaulticon]
@="-99999"
--cut here without this line--------

(The key name must be a single line; in the original text it was wrapped because of the 80-character line limit, so if your copy is wrapped, put the cursor in front of the brace {A6421... and press Backspace to rejoin the string: ...CLSID\{A6421...) Save, and if.reg is ready. Press Enter on it. Reopen IconForge after the information from if.reg has been successfully entered & observe. The program will now expire after 99999 days, or approx.
274 years, good enough, eh? If you're a yoga practitioner (like me), maybe we'll watch together what happens after this "short" period of time. OK! We still have that yellow text on maroon. Hmmm, what if we make it yellow text on a yellow background? "yellow" and "maroon" have the same number of characters, see? Let's change maroon to yellow. 2C6EFA is the right address in HIEW; I found it fast for you, so change maroon into yellow & test it! OK! Looks fascinating! My job is done! Bye!

PS. You can now pack IconForge.Exe with ASPack 2000. It's smaller & better! Enjoy this nice program!

----------------
Try this: www.geocities.com/john_aum - Incredible info for YOUR EYES ONLY!
E-mail: johnny_aum@yahoo.com
---------------Sorry if my English is not perfect!------------------------------

I really hope you've enjoyed this tutorial as much as I did! Don't miss Tutor #79 soon! ;)

Credits go to:
bM[tfgx] for the Splash Logo.
Predator for providing a tut in this version.
Johnny Aum for providing 4 tuts in this version.

To ALL the crackers: you are welcome to send me your tutors to publish them... see below for my email address! *** 95 chars per line in the text file please! ***

And all the tutors can be found at: http://www.crackersinaction.org (or on IRC, ask CiA ops for the URLs!)

Greetz go to all my friends!
You can find me on IRC or email me at tkc@reaper.org

Coded by The Keyboard Caper - tKC
The Founder of PhRoZeN CReW/Crackers in Action 2000
Compiled with Delphi 5 on 17 May 2000

Cracking Tutorial #78 is dedicated to Sonia...